{{- define "control_plane_proxy_resources" }}
cpu: 10m
memory: 15Mi
{{- end }}

{{- if (.Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
---
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
  name: control-plane-proxy
  namespace: d8-monitoring
  {{- include "helm_lib_module_labels" (list . (dict "app" "control-plane-proxy" "workload-resource-policy.deckhouse.io" "every-node")) | nindent 2 }}
spec:
  targetRef:
    apiVersion: "apps/v1"
    kind: DaemonSet
    name: control-plane-proxy
  updatePolicy:
    updateMode: "Auto"
  resourcePolicy:
    containerPolicies:
    - containerName: kube-rbac-proxy
      minAllowed:
        {{- include "control_plane_proxy_resources" . | nindent 8 }}
      maxAllowed:
        cpu: 20m
        memory: 30Mi
{{- end }}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: control-plane-proxy
  namespace: d8-monitoring
  {{- include "helm_lib_module_labels" (list . (dict "app" "control-plane-proxy")) | nindent 2 }}
spec:
  selector:
    matchLabels:
      app: control-plane-proxy
  template:
    metadata:
      labels:
        app: control-plane-proxy
    spec:
      serviceAccountName: control-plane-proxy
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      {{- include "helm_lib_priority_class" (tuple . "cluster-medium") | nindent 6 }}
      {{- include "helm_lib_node_selector" (tuple . "master") | nindent 6 }}
      {{- include "helm_lib_tolerations" (tuple . "any-node") | nindent 6 }}
      imagePullSecrets:
      - name: deckhouse-registry
      containers:
      - name: kube-rbac-proxy
        {{- include "helm_lib_module_container_security_context_read_only_root_filesystem" . | nindent 8 }}
        image: {{ include "helm_lib_module_common_image" (list . "kubeRbacProxy") }}
        args:
          - "--secure-listen-address=$(KUBE_RBAC_PROXY_LISTEN_ADDRESS):8008"
          - "--v=2"
          - "--logtostderr=true"
          - "--stale-cache-interval=1h30m"
          - "--livez-path=/livez"
        ports:
        - containerPort: 8008
          name: https-metrics
        livenessProbe:
          httpGet:
            path: /livez
            port: 8008
            scheme: HTTPS
        env:
        - name: KUBE_RBAC_PROXY_LISTEN_ADDRESS
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        - name: KUBE_RBAC_PROXY_CONFIG
          value: |
            upstreams:
            - upstream: https://127.0.0.1:10257/metrics
              upstreamInsecureSkipVerify: true
              path: /controller-manager/metrics
            - upstream: https://127.0.0.1:10259/metrics
              upstreamInsecureSkipVerify: true
              path: /scheduler/metrics
            - upstream: http://127.0.0.1:2381/metrics
              path: /etcd/metrics
